The Honeypots: Monitoring
and Forensics Project's purpose is to highlight cutting edge techniques,
tools and resources for conducting Honeypot Research and Forensic Investigation.
There are a number of outstanding Honeypot/net Research projects available,
most notably, the Honeynet Project (http://project.honeynet.org).
This project hopes to compliment the work conducted by the Honeynet Project
by focusing on individual honeypots rather than honenets. The focus
is even further specified by highlighting monitoring and forensic techniques
rather than honeypot setup and installation settings. Many of the
papers and tools presented on this website are the result of honeypot research
testing conducted by Ryan C. Barnett.

Honeypot Definition:An Internet-attached server that
acts as a decoy, luring in potential hackers in order to study their activities
and monitor how they are able to break into a system. Honeypots are designed
to mimic systems that an intruder would like to break into but limit the
intruder from having access to an entire network. If a honeypot is successful,
the intruder will have no idea that s/he is being tricked and monitored.
Most honeypots are installed inside firewalls so that they can better be
controlled, though it is possible to install them outside of firewalls.
A firewall in a honeypot works in the opposite way that a normal firewall
works: instead of restricting what comes into a system from the Internet,
the honeypot firewall allows all traffic to come in from the Internet and
restricts what the system sends back out. By luring a hacker into a system,
a honeypot serves several purposes:

The administrator can watch the hacker
exploit the vulnerabilities of the system, thereby learning where the system
has weaknesses that need to be redesigned.

The hacker can be caught and stopped
while trying to obtain root access to the system.

By studying the activities of hackers,
designers can better create more secure systems that are potentially invulnerable
to future hackers.